announce  

Messages by Thread

• [ANNOUNCE] Apache NiFi 2.8.0 Released Pierre Villard
• [ANNOUNCE] Apache ActiveMQ 5.19.2 has been released! Jean-Baptiste Onofré
• [ANNOUNCE] Apache Karaf runtime 4.4.10 has been released! Jean-Baptiste Onofré
• [ANNOUNCE] Apache Camel 4.14.5 (LTS) Released Gregor Zurowski
• [ANNOUNCEMENT] HttpComponents Core 5.4.1 GA released Oleg Kalnichevski
• [ANNOUNCE] Apache Artemis 2.51.0 Released Domenico Francesco Bruscino
• [ANNOUNCE] Apache Camel 4.10.9 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Release Apache Hop 2.17.0 Bart Maertens
• CVE-2025-33042: Apache Avro Java SDK: Code injection on Java generated code Ryan Skraba
• [ANNOUNCE] Apache Fesod (Incubating) 2.0.1-incubating released Shuxin Pan
• [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan Mark Thomas
• [ANN] End of support for Apache Tomcat Native 1.3.x Mark Thomas
• [ANN] Apache Tomcat Native 1.3.6 released Mark Thomas
• [ANN] Apache Tomcat Native 2.0.13 released Mark Thomas
• [ANN] Apache Struts IntelliJ IDEA plugin ver. 253.18970.1 Lukasz Lenart
• [ANNOUNCE] Apache Fory 0.15.0 released Shawn Yang
• [ANNOUNCE] Apache Druid 36.0.0 release Zoltan Haindrich
• CVE-2026-23906: Apache Druid: Authentication Bypass via LDAP Anonymous Bind Karan Kumar
• CVE-2026-24343: Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions Qingran Zhao
• CVE-2026-24098: Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors Ephraim Anierobi
• CVE-2026-22922: Apache Airflow: Airflow externalLogUrl Permission Bypass Ephraim Anierobi
• CVE-2026-23901: Apache Shiro: Brute force attack possible to determine valid user names Lenny Primak
• CVE-2026-23903: Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems Lenny Primak
• [ANNOUNCE] Apache ShardingSphere ElasticJob-3.0.5 available Longtao Jiang
• [ANNOUNCE] Apache Traffic Server 10.1.1 Release Chris McFarlen
• [ANNOUNCE] Apache Flink Agents 0.2.0 released Xuannan Su
• [ANNOUNCE] Apache APISIX 3.15.0 has been released Abhishek Choudhary
• [ANNOUNCE] Apache Daffodil 4.1.0 Released Steve Lawrence
• [ANNOUNCE] Apache YuniKorn v1.8.0 released Wilfred Spiegelenburg
• [ANNOUNCE] Apache Airflow 3.1.7 Released Ephraim Anierobi
• [ANN] Apache Syncope 3.0.16 Francesco Chicchiriccò
• [ANNOUNCE] Apache TomEE 10.1.4 Markus Jung
• [ANN] Apache Syncope 4.0.4 Francesco Chicchiriccò
• [ANNOUNCE] Apache Teaclave™ TrustZone SDK 0.8.0 Released Zehui Chen
• [ANNOUNCE] Apache StormCrawler 3.5.1 released Richard Zowalla
• CVE-2026-24735: Apache Answer: Revision API Improper Access Control leads to Information Disclosure Enxin Xie
• [ANNOUNCE] Apache Airflow Providers prepared on 2026-01-27 are released Vincent Beck
• [ANNOUNCE] Apache Pulsar C# Client DotPulsar 5.1.2 released David Jensen
• CVE-2026-23795: Apache Syncope: Console XXE on Keymaster parameters Francesco Chicchiriccò
• CVE-2026-23794: Apache Syncope: Reflected XSS on Enduser Login Francesco Chicchiriccò
• [ANNOUNCE] Apache Grails 7.0.7 James Fredley
• [ANNOUNCE] Apache SIS 1.6 Release Martin Desruisseaux
  • [ANNOUNCE] Apache SIS 1.6 Release Martin Desruisseaux
• [ANN] Apache Tomcat 11.0.18 Available Mark Thomas
• [ANNOUNCE] Apache Pulsar Client C++ 4.0.1 released Yunze Xu
• [ANN] Apache Tomcat 10.1.52 Available Christopher Schultz
• [ANNOUNCE] Apache MINA SSHD 2.17.1 released Thomas Wolf
• [ANNOUNCE] Apache Arrow 23.0.0 released Raúl Cumplido
• [ANNOUNCE] Apache Groovy 5.0.4 Released Paul King
• [ANNOUNCE] Apache Grails 7.0.6 James Daugherty
• [ANNOUNCE] Apache bRPC 1.16.0 released Xiaofeng
• CVE-2016-15057: Apache Continuum: Command injection leading to RCE Arnout Engelen
• https://karaf.apache.org/security/cve-2026-24656.txt: CVE-2026-24656: Apache Karaf: Decanter log-socket collector has deserialization vulnerability Jean-Baptiste Onofré
• [ANNOUNCE] Apache NiFi API 2.6.0 Released Pierre Villard
• [ANNOUNCE] Apache Artemis 2.50.0 Released Justin Bertram
• CVE-2025-27821: HDFS native client: Out of bounds write in URI parser of native HDFS client Chris Nauroth
• [ANNOUNCE] Apache Qpid JMS 2.10.0 released Robbie Gemmell
• [ANNOUNCE] Apache Qpid JMS 1.16.0 released Robbie Gemmell
• [ANN] Apache Tomcat 9.0.115 available Rémy Maucherat
• [ANNOUNCE] Apache Commons BCEL Version 6.12.0 Gary Gregory
• [ANNOUNCE] Apache MINA SSHD 2.17.0 released Thomas Wolf
• [ANNOUNCE] Apache Airflow Providers prepared on 2026-01-17 are released Jens Scheffler
• [ANNOUNCE] Apache Groovy 4.0.30 Released Paul King
• CVE-2026-22444: Apache Solr: Insufficient file-access checking in standalone core-creation requests Jason Gerlowski
• CVE-2026-22022: Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin Jason Gerlowski
• [ANNOUNCE] Apache OFBiz 24.09.05 released Nicolas Malin
• [ANNOUNCE] Apache IoTDB 2.0.6 released Haonan Hou
• [ANNOUNCE] Apache Airflow Providers prepared on 2026-01-13 are released Jens Scheffler
• [ANNOUNCE] Apache Jackrabbit 2.22.3 released Julian Reschke
• [ANNOUNCE] Apache Qpid protonj2 1.1.0 released Timothy Bish
• CVE-2025-60021: Apache bRPC: Remote command injection vulnerability in heap builtin service Guangming Chen
• CVE-2025-68675: Apache Airflow: proxy credentials for various providers might leak in task logs Ephraim Anierobi
• CVE-2025-68438: Apache Airflow: Secrets in rendered templates could contain parts of sensitive values when truncated Ephraim Anierobi
• [ANNOUNCE] Apache DataSketches Rust 0.2.0 Released tison
• [ANNOUNCE] Apache Airflow 3.1.6 Released Ephraim Anierobi
• CVE-2025-66169: Apache Camel: Cypher injection vulnerability in Camel-Neo4j component Andrea Cosentino
• [ANNOUNCE] Apache Flink-shaded 21.0 released Martijn Visser
• [ANNOUNCE] Apache Grails 7.0.5 James Fredley
• [ANNOUNCE] Grails Publish Gradle Plugin 0.0.4 James Fredley
• [ANNOUNCE] Apache Camel 4.17.0 Released Gregor Zurowski
• [ANN] Apache Tomcat Native 1.3.4 released Mark Thomas
• [ANN] Apache Tomcat Native 2.0.12 released Mark Thomas
• S2-069: CVE-2025-68493: Apache Struts, Apache Struts: XXE vulnerability in outdated XWork component Lukasz Lenart
• [ANNOUNCE] Apache Camel 4.14.4 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache Kudu 1.18.1 Released Abhishek Chennaka
• [ANNOUNCE] Apache Fineract 1.14.0 Release Adam Monsen
• [ANNOUNCE] Apache IoTDB 1.3.6 released Haonan Hou
• [ANNOUNCE] Apache Jackrabbit Oak 1.90.0 released Jörg Hoh
• CVE-2025-62235: Apache NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing Szymon Janc
• CVE-2025-53477: Apache NimBLE: NULL Pointer Dereference in NimBLE host HCI layer Szymon Janc
• CVE-2025-53470: Apache NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver Szymon Janc
• CVE-2025-52435: Apache NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller Szymon Janc
• CVE-2025-68280: Apache SIS: XML External Entity (XXE) vulnerability Martin Desruisseaux
• [ANNOUNCE] Apache Fory 0.14.1 released Shawn Yang
• CVE-2025-66518: Apache Kyuubi: Unauthorized directory access due to missing path normalization Akira Ajisaka
• [ANNOUNCE] Apache Airflow Providers prepared on 2025-12-30 are released Shahar Epstein
• Apache Commons Pool 2.13.1 Gary Gregory
• [ANNOUNCE] Apache Kyuubi v1.10.3 is available Akira Ajisaka
• [ANNOUNCE] Apache Camel 4.14.3 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache Kyuubi v1.11.0 is available Cheng Pan
• [ANNOUNCE] Apache EventMesh 1.12.0 available mikexue
• [ANNOUNCE] Apache TsFile 2.2.0 released Haonan Hou
• CVE-2025-48769: Apache NuttX RTOS: fs/vfs/fs_rename: use after free Tomasz Cedro
• CVE-2025-48768: Apache NuttX RTOS: fs/inode: fs_inoderemove root inode removal Tomasz Cedro
• [ANNOUNCE] Apache Pulsar Node.js client 1.16.0 released Baodi Shi
• CVE-2025-47411: Apache StreamPipes: Leverage of User ID for Privilege Escalation Philipp Zehnder
• [ANNOUNCE] Apache CloudStack Kubernetes Provider v1.2.0 Vishesh
• [ANNOUNCE] Apache Gravitino 1.1.0 is available Qi Yu
• CVE-2025-68637: : Insecure SSL Configuration in Uniffle HTTP Client roryqi
• [ANNOUNCE] Apache TsFile 1.1.3 released Haonan Hou
• [ANNOUNCEMENT] HttpComponents Client 5.6 GA Released Oleg Kalnichevski
• [ANNOUNCEMENT] HttpComponents Client 5.5.2 GA Released Oleg Kalnichevski
• [ANNOUNCE] Apache Pekko Persistence JDBC 1.2.0 released PJ Fanning
• [ANNOUNCE] Apache Mynewt 1.14.0 and Apache Mynewt NimBLE 1.9.0 released Szymon Janc
• [ANNOUNCE] Apache NiFi 2.7.2 Released David Handermann
• CVE-2025-66524: Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor David Handermann
• CVE-2025-68161: Apache Log4j Core: Missing TLS hostname verification in Socket appender Piotr Karwasz
• [ANNOUNCEMENT] HttpComponents Core 5.4 GA released Oleg Kalnichevski
• [ANN] Apache Maven 3.9.12 released Slawomir Jaranowski
• [ANNOUNCEMENT] Commons Daemon 1.5.1 Released Mark Thomas
• [ANNOUNCE] Apache Commons DBCP 2.14.0 Gary Gregory
• [ANNOUNCE] Apache StreamPipes 0.98.0 Philipp Zehnder
• [ANNOUNCE] Apache Pekko Management 1.2.0 released PJ Fanning
• CVE-2025-67895: Apache Airflow Providers Edge3: Edge3 Worker RPC RCE on Airflow 2 Jarek Potiuk
• [ANNOUNCE] Apache TomEE 10.1.3 Richard Zowalla
• [ANNOUNCE] Apache log4cxx 1.6.0 released Stephen Webb
• [ANNOUNCE] Apache Airflow Providers prepared on 2025-12-09 are released Jarek Potiuk
• [ANNOUNCE] Apache Camel 4.10.8 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache HBase Operator Tools 1.3.0 is now available for download Duo Zhang
• [ANNOUNCE] Apache Qpid Broker-J 10.0.1 released Tomas Vavricka
• [ANNOUNCE] Apache NiFi 2.7.1 Released David Handermann
• [ANNOUNCE] Apache Airflow 3.1.5 Released Ephraim Anierobi
• [ANNOUNCE] Apache Pekko (Core) 1.4.0 released PJ Fanning
• CVE-2025-54947: Apache StreamPark: Use hard-coded key vulnerability Huajie Wang
• [ANNOUNCE] Apache Pulsar Client C++ 4.0.0 released Yunze Xu
• CVE-2025-65995: Apache Airflow: Disclosure of secrets to UI via kwargs Ephraim Anierobi
• CVE-2025-66388: Apache Airflow: Secrets in rendered templates not redacted properly and exposed in the UI Ephraim Anierobi
• CVE-2025-58137: Apache Fineract: IDOR via self-service API Adam Monsen
• CVE-2025-58130: Apache Fineract: Server Key not masked Adam Monsen
• CVE-2025-23408: Apache Fineract: weak password policy Adam Monsen
• [ANNOUNCE] Apache OpenNLP 2.5.7 released Richard Zowalla
• [ANNOUNCE] Apache Jackrabbit 2.23.3-beta released Julian Reschke
• [ANNOUNCE] Apache Airflow 3.1.4 Released Ephraim Anierobi
• [ANN] CVE-2025-66675: Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS) - version ranges fixed Lukasz Lenart
• [ANNOUNCE] Apache Commons Pool 2.13.0 Gary Gregory
• [ANNOUNCE] Apache SedonaDB 0.2.0 released Dewey Dunnington
• CVE-2025-26866: Apache HugeGraph-Server: RAFT and deserialization vulnerability VGalaxies
  • CVE-2025-26866: Apache HugeGraph-Server: RAFT and deserialization vulnerability VGalaxies
• [ANN] Apache Tomcat 10.1.50 Available Christopher Schultz
• [ANN] Apache Tomcat 11.0.15 Available Mark Thomas
• [ANNOUNCE] Apache Commons Text 1.15.0 Gary Gregory
• [ANN] Apache Tomcat 9.0.113 available Rémy Maucherat
• [ANNOUNCE] Apache Fory 0.13.2 released Shawn Yang
• CVE-2025-66516: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected Tim Allison
• [ANNOUNCEMENT] Apache HTTP Server 2.4.66 Released covener
• CVE-2025-66200: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo Eric Covener
• CVE-2025-65082: Apache HTTP Server: CGI environment variable override Eric Covener
• CVE-2025-59775: Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF Eric Covener
• CVE-2025-58098: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... Eric Covener
• CVE-2025-55753: Apache HTTP Server: mod_md (ACME), unintended retry intervals Eric Covener
• [ANNOUNCE] Apache Flink 2.2.0 released Hang Ruan
• CVE-2025-53960: Apache StreamPark: Use the user’s password as the secret key Vulnerability Huajie Wang
• Apache Derby is now retired Richard Hillegas
• [ANNOUNCE] Apache Groovy 5.0.3 Released Paul King
• [ANNOUNCE] Apache Teaclave™ TrustZone SDK 0.7.0 Released Yuan Zhuang
• [ANNOUNCE] Apache Commons Exec 1.6.0 Gary Gregory
• [ANNOUNCE] Apache Airflow Providers prepared on 2025-12-01 are released Jens Scheffler
• [ANNOUNCE] Apache OFBiz 24.09.04 released Jacopo Cappellato
• [ANNOUNCE] Apache Grails 7.0.4 James Daugherty
• [ANN] CVE-2025-64775: Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS) - S2-068 Lukasz Lenart
  • Re: [ANN] CVE-2025-64775: Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS) - S2-068 Lukasz Lenart
• [ANNOUNCE] Grails Publish Gradle Plugin 0.0.3 James Daugherty
• [ANNOUNCE] Apache POI 5.5.1 release PJ Fanning
• ANNOUNCE: Emmanuel Lecharny
• ANNOUNCE: Apache MINA 2.2.5 released Emmanuel Lecharny
• [ANNOUNCE] Apache Airflow Providers prepared on 2025-11-27 are released Jens Scheffler
  • [ANNOUNCE] Apache Airflow Providers prepared on 2025-11-27 are released Jens Scheffler
• CVE-2025-59789: Apache bRPC: Stack Exhaustion via Unbounded Recursion in JSON Parser Wang Weibing
• CVE-2025-59792: Apache Kvrocks: MONITOR command reveals plaintext credentials to non-admins Hulk Lin
• CVE-2025-59790: Apache Kvrocks: RESET command grants admin privileges Hulk Lin
• CVE-2023-48796: Apache DolphinScheduler: Sensitive information disclosure Lidong Dai
• CVE-2025-59454: Apache CloudStack: Lack of user permission validation leading to data leak for few APIs Harikrishna Patnala
• CVE-2025-59302: Apache CloudStack: Potential remote code execution on Javascript engine defined rules Harikrishna Patnala
• CVE-2025-54057: Apache SkyWalking: Stored XSS vulnerability Zhenxu Ke
• [ANNOUNCE] Apache Commons Configuration 2.13.0 Gary Gregory
• CVE-2025-62728: Apache Hive: SQL injection vulnerability when processing delete column statistics requests via the HMS Thrift APIs Stamatis Zampetakis
• CVE-2025-59390: Apache Druid: Kerberos authenticaton chooses a cryptographically unsecure secret if not configured explicitly. Karan Kumar
• Apache Griffin is now retired Niall Pemberton
• Apache Traffic Control is now retired Niall Pemberton
• [ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.10 Mark Thomas
• [ANN] Apache Syncope 3.0.15 Francesco Chicchiriccò
• [ANN] Apache Syncope 4.0.3 Francesco Chicchiriccò
• CVE-2025-65998: Apache Syncope: Default AES key used for internal password encryption Francesco Chicchiriccò
• [ANNOUNCE] Apache Grails 7.0.3 James Daugherty
• [ANNOUNCE] Apache Pulsar Helm Chart version 4.4.0 Released Lari Hotari
• [ANNOUNCE] Release Apache Hop 2.16.0 Bart Maertens
• [ANNOUNCE] Apache Pekko (Core) 1.3.0 released PJ Fanning
• [ANNOUNCE] Establishing the Apache Artemis project Christopher Shannon
• [ANNOUNCE] Apache GeaFlow (incubating) 0.7.0 Released Qiang Zhou
• [ANNOUNCE] Apache Airflow Providers prepared on 2025-11-18 are released Jarek Potiuk

• Earlier messages